2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #include "qemu-common.h"
32 #include "qemu/error-report.h"
33 #include "hw/scsi/scsi.h"
34 #include "block/scsi.h"
35 #include "sysemu/sysemu.h"
36 #include "sysemu/blockdev.h"
37 #include "hw/block/block.h"
38 #include "sysemu/dma.h"
44 #define SCSI_WRITE_SAME_MAX 524288
45 #define SCSI_DMA_BUF_SIZE 131072
46 #define SCSI_MAX_INQUIRY_LEN 256
47 #define SCSI_MAX_MODE_LEN 256
49 #define DEFAULT_DISCARD_GRANULARITY 4096
51 typedef struct SCSIDiskState SCSIDiskState
;
53 typedef struct SCSIDiskReq
{
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint32_t sector_count
;
65 #define SCSI_DISK_F_REMOVABLE 0
66 #define SCSI_DISK_F_DPOFUA 1
67 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
86 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
);
88 static void scsi_free_request(SCSIRequest
*req
)
90 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
92 qemu_vfree(r
->iov
.iov_base
);
95 /* Helper function for command completion with sense. */
96 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
98 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
99 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
100 scsi_req_build_sense(&r
->req
, sense
);
101 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
104 /* Cancel a pending data transfer. */
105 static void scsi_cancel_io(SCSIRequest
*req
)
107 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
109 DPRINTF("Cancel tag=0x%x\n", req
->tag
);
111 bdrv_aio_cancel(r
->req
.aiocb
);
113 /* This reference was left in by scsi_*_data. We take ownership of
114 * it the moment scsi_req_cancel is called, independent of whether
115 * bdrv_aio_cancel completes the request or not. */
116 scsi_req_unref(&r
->req
);
121 static uint32_t scsi_init_iovec(SCSIDiskReq
*r
, size_t size
)
123 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
125 if (!r
->iov
.iov_base
) {
127 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
129 r
->iov
.iov_len
= MIN(r
->sector_count
* 512, r
->buflen
);
130 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
131 return r
->qiov
.size
/ 512;
134 static void scsi_disk_save_request(QEMUFile
*f
, SCSIRequest
*req
)
136 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
138 qemu_put_be64s(f
, &r
->sector
);
139 qemu_put_be32s(f
, &r
->sector_count
);
140 qemu_put_be32s(f
, &r
->buflen
);
142 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
143 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
144 } else if (!req
->retry
) {
145 uint32_t len
= r
->iov
.iov_len
;
146 qemu_put_be32s(f
, &len
);
147 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
152 static void scsi_disk_load_request(QEMUFile
*f
, SCSIRequest
*req
)
154 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
156 qemu_get_be64s(f
, &r
->sector
);
157 qemu_get_be32s(f
, &r
->sector_count
);
158 qemu_get_be32s(f
, &r
->buflen
);
160 scsi_init_iovec(r
, r
->buflen
);
161 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
162 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
163 } else if (!r
->req
.retry
) {
165 qemu_get_be32s(f
, &len
);
166 r
->iov
.iov_len
= len
;
167 assert(r
->iov
.iov_len
<= r
->buflen
);
168 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
172 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
175 static void scsi_aio_complete(void *opaque
, int ret
)
177 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
178 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
180 assert(r
->req
.aiocb
!= NULL
);
182 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
183 if (r
->req
.io_canceled
) {
188 if (scsi_handle_rw_error(r
, -ret
)) {
193 scsi_req_complete(&r
->req
, GOOD
);
196 if (!r
->req
.io_canceled
) {
197 scsi_req_unref(&r
->req
);
201 static bool scsi_is_cmd_fua(SCSICommand
*cmd
)
203 switch (cmd
->buf
[0]) {
210 return (cmd
->buf
[1] & 8) != 0;
215 case WRITE_VERIFY_10
:
216 case WRITE_VERIFY_12
:
217 case WRITE_VERIFY_16
:
227 static void scsi_write_do_fua(SCSIDiskReq
*r
)
229 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
231 if (r
->req
.io_canceled
) {
235 if (scsi_is_cmd_fua(&r
->req
.cmd
)) {
236 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
237 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_aio_complete
, r
);
241 scsi_req_complete(&r
->req
, GOOD
);
244 if (!r
->req
.io_canceled
) {
245 scsi_req_unref(&r
->req
);
249 static void scsi_dma_complete_noio(void *opaque
, int ret
)
251 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
252 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
254 if (r
->req
.aiocb
!= NULL
) {
256 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
258 if (r
->req
.io_canceled
) {
263 if (scsi_handle_rw_error(r
, -ret
)) {
268 r
->sector
+= r
->sector_count
;
270 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
271 scsi_write_do_fua(r
);
274 scsi_req_complete(&r
->req
, GOOD
);
278 if (!r
->req
.io_canceled
) {
279 scsi_req_unref(&r
->req
);
283 static void scsi_dma_complete(void *opaque
, int ret
)
285 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
287 assert(r
->req
.aiocb
!= NULL
);
288 scsi_dma_complete_noio(opaque
, ret
);
291 static void scsi_read_complete(void * opaque
, int ret
)
293 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
294 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
297 assert(r
->req
.aiocb
!= NULL
);
299 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
300 if (r
->req
.io_canceled
) {
305 if (scsi_handle_rw_error(r
, -ret
)) {
310 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->qiov
.size
);
312 n
= r
->qiov
.size
/ 512;
314 r
->sector_count
-= n
;
315 scsi_req_data(&r
->req
, r
->qiov
.size
);
318 if (!r
->req
.io_canceled
) {
319 scsi_req_unref(&r
->req
);
323 /* Actually issue a read to the block device. */
324 static void scsi_do_read(void *opaque
, int ret
)
326 SCSIDiskReq
*r
= opaque
;
327 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
330 if (r
->req
.aiocb
!= NULL
) {
332 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
334 if (r
->req
.io_canceled
) {
339 if (scsi_handle_rw_error(r
, -ret
)) {
344 /* The request is used as the AIO opaque value, so add a ref. */
345 scsi_req_ref(&r
->req
);
348 dma_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, r
->req
.sg
, BDRV_ACCT_READ
);
349 r
->req
.resid
-= r
->req
.sg
->size
;
350 r
->req
.aiocb
= dma_bdrv_read(s
->qdev
.conf
.bs
, r
->req
.sg
, r
->sector
,
351 scsi_dma_complete
, r
);
353 n
= scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
354 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_READ
);
355 r
->req
.aiocb
= bdrv_aio_readv(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
356 scsi_read_complete
, r
);
360 if (!r
->req
.io_canceled
) {
361 scsi_req_unref(&r
->req
);
365 /* Read more data from scsi device into buffer. */
366 static void scsi_read_data(SCSIRequest
*req
)
368 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
369 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
372 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
373 if (r
->sector_count
== 0) {
374 /* This also clears the sense buffer for REQUEST SENSE. */
375 scsi_req_complete(&r
->req
, GOOD
);
379 /* No data transfer may already be in progress */
380 assert(r
->req
.aiocb
== NULL
);
382 /* The request is used as the AIO opaque value, so add a ref. */
383 scsi_req_ref(&r
->req
);
384 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
385 DPRINTF("Data transfer direction invalid\n");
386 scsi_read_complete(r
, -EINVAL
);
391 scsi_read_complete(r
, -ENOMEDIUM
);
397 if (first
&& scsi_is_cmd_fua(&r
->req
.cmd
)) {
398 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
399 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_do_read
, r
);
406 * scsi_handle_rw_error has two return values. 0 means that the error
407 * must be ignored, 1 means that the error has been processed and the
408 * caller should not do anything else for this request. Note that
409 * scsi_handle_rw_error always manages its reference counts, independent
410 * of the return value.
412 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
)
414 bool is_read
= (r
->req
.cmd
.xfer
== SCSI_XFER_FROM_DEV
);
415 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
416 BlockErrorAction action
= bdrv_get_error_action(s
->qdev
.conf
.bs
, is_read
, error
);
418 if (action
== BDRV_ACTION_REPORT
) {
421 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
424 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
427 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
430 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
434 bdrv_error_action(s
->qdev
.conf
.bs
, action
, is_read
, error
);
435 if (action
== BDRV_ACTION_STOP
) {
436 scsi_req_retry(&r
->req
);
438 return action
!= BDRV_ACTION_IGNORE
;
441 static void scsi_write_complete(void * opaque
, int ret
)
443 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
444 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
447 if (r
->req
.aiocb
!= NULL
) {
449 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
451 if (r
->req
.io_canceled
) {
456 if (scsi_handle_rw_error(r
, -ret
)) {
461 n
= r
->qiov
.size
/ 512;
463 r
->sector_count
-= n
;
464 if (r
->sector_count
== 0) {
465 scsi_write_do_fua(r
);
468 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
469 DPRINTF("Write complete tag=0x%x more=%zd\n", r
->req
.tag
, r
->qiov
.size
);
470 scsi_req_data(&r
->req
, r
->qiov
.size
);
474 if (!r
->req
.io_canceled
) {
475 scsi_req_unref(&r
->req
);
479 static void scsi_write_data(SCSIRequest
*req
)
481 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
482 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
485 /* No data transfer may already be in progress */
486 assert(r
->req
.aiocb
== NULL
);
488 /* The request is used as the AIO opaque value, so add a ref. */
489 scsi_req_ref(&r
->req
);
490 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
491 DPRINTF("Data transfer direction invalid\n");
492 scsi_write_complete(r
, -EINVAL
);
496 if (!r
->req
.sg
&& !r
->qiov
.size
) {
497 /* Called for the first time. Ask the driver to send us more data. */
499 scsi_write_complete(r
, 0);
503 scsi_write_complete(r
, -ENOMEDIUM
);
507 if (r
->req
.cmd
.buf
[0] == VERIFY_10
|| r
->req
.cmd
.buf
[0] == VERIFY_12
||
508 r
->req
.cmd
.buf
[0] == VERIFY_16
) {
510 scsi_dma_complete_noio(r
, 0);
512 scsi_write_complete(r
, 0);
518 dma_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, r
->req
.sg
, BDRV_ACCT_WRITE
);
519 r
->req
.resid
-= r
->req
.sg
->size
;
520 r
->req
.aiocb
= dma_bdrv_write(s
->qdev
.conf
.bs
, r
->req
.sg
, r
->sector
,
521 scsi_dma_complete
, r
);
523 n
= r
->qiov
.size
/ 512;
524 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_WRITE
);
525 r
->req
.aiocb
= bdrv_aio_writev(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
526 scsi_write_complete
, r
);
530 /* Return a pointer to the data buffer. */
531 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
533 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
535 return (uint8_t *)r
->iov
.iov_base
;
538 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
540 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
544 if (req
->cmd
.buf
[1] & 0x1) {
545 /* Vital product data */
546 uint8_t page_code
= req
->cmd
.buf
[2];
548 outbuf
[buflen
++] = s
->qdev
.type
& 0x1f;
549 outbuf
[buflen
++] = page_code
; // this page
550 outbuf
[buflen
++] = 0x00;
551 outbuf
[buflen
++] = 0x00;
555 case 0x00: /* Supported page codes, mandatory */
557 DPRINTF("Inquiry EVPD[Supported pages] "
558 "buffer size %zd\n", req
->cmd
.xfer
);
559 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
561 outbuf
[buflen
++] = 0x80; // unit serial number
563 outbuf
[buflen
++] = 0x83; // device identification
564 if (s
->qdev
.type
== TYPE_DISK
) {
565 outbuf
[buflen
++] = 0xb0; // block limits
566 outbuf
[buflen
++] = 0xb2; // thin provisioning
570 case 0x80: /* Device serial number, optional */
575 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
579 l
= strlen(s
->serial
);
584 DPRINTF("Inquiry EVPD[Serial number] "
585 "buffer size %zd\n", req
->cmd
.xfer
);
586 memcpy(outbuf
+buflen
, s
->serial
, l
);
591 case 0x83: /* Device identification page, mandatory */
593 const char *str
= s
->serial
?: bdrv_get_device_name(s
->qdev
.conf
.bs
);
594 int max_len
= s
->serial
? 20 : 255 - 8;
595 int id_len
= strlen(str
);
597 if (id_len
> max_len
) {
600 DPRINTF("Inquiry EVPD[Device identification] "
601 "buffer size %zd\n", req
->cmd
.xfer
);
603 outbuf
[buflen
++] = 0x2; // ASCII
604 outbuf
[buflen
++] = 0; // not officially assigned
605 outbuf
[buflen
++] = 0; // reserved
606 outbuf
[buflen
++] = id_len
; // length of data following
607 memcpy(outbuf
+buflen
, str
, id_len
);
611 outbuf
[buflen
++] = 0x1; // Binary
612 outbuf
[buflen
++] = 0x3; // NAA
613 outbuf
[buflen
++] = 0; // reserved
614 outbuf
[buflen
++] = 8;
615 stq_be_p(&outbuf
[buflen
], s
->wwn
);
620 case 0xb0: /* block limits */
622 unsigned int unmap_sectors
=
623 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
624 unsigned int min_io_size
=
625 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
626 unsigned int opt_io_size
=
627 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
629 if (s
->qdev
.type
== TYPE_ROM
) {
630 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
634 /* required VPD size with unmap support */
636 memset(outbuf
+ 4, 0, buflen
- 4);
638 outbuf
[4] = 0x1; /* wsnz */
640 /* optimal transfer length granularity */
641 outbuf
[6] = (min_io_size
>> 8) & 0xff;
642 outbuf
[7] = min_io_size
& 0xff;
644 /* optimal transfer length */
645 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
646 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
647 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
648 outbuf
[15] = opt_io_size
& 0xff;
650 /* optimal unmap granularity */
651 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
652 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
653 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
654 outbuf
[31] = unmap_sectors
& 0xff;
657 case 0xb2: /* thin provisioning */
661 outbuf
[5] = 0xe0; /* unmap & write_same 10/16 all supported */
662 outbuf
[6] = s
->qdev
.conf
.discard_granularity
? 2 : 1;
670 assert(buflen
- start
<= 255);
671 outbuf
[start
- 1] = buflen
- start
;
675 /* Standard INQUIRY data */
676 if (req
->cmd
.buf
[2] != 0) {
681 buflen
= req
->cmd
.xfer
;
682 if (buflen
> SCSI_MAX_INQUIRY_LEN
) {
683 buflen
= SCSI_MAX_INQUIRY_LEN
;
686 outbuf
[0] = s
->qdev
.type
& 0x1f;
687 outbuf
[1] = (s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) ? 0x80 : 0;
689 strpadcpy((char *) &outbuf
[16], 16, s
->product
, ' ');
690 strpadcpy((char *) &outbuf
[8], 8, s
->vendor
, ' ');
692 memset(&outbuf
[32], 0, 4);
693 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
695 * We claim conformance to SPC-3, which is required for guests
696 * to ask for modern features like READ CAPACITY(16) or the
697 * block characteristics VPD page by default. Not all of SPC-3
698 * is actually implemented, but we're good enough.
701 outbuf
[3] = 2 | 0x10; /* Format 2, HiSup */
704 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
706 /* If the allocation length of CDB is too small,
707 the additional length is not adjusted */
711 /* Sync data transfer and TCQ. */
712 outbuf
[7] = 0x10 | (req
->bus
->info
->tcq
? 0x02 : 0);
716 static inline bool media_is_dvd(SCSIDiskState
*s
)
719 if (s
->qdev
.type
!= TYPE_ROM
) {
722 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
725 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
726 return nb_sectors
> CD_MAX_SECTORS
;
729 static inline bool media_is_cd(SCSIDiskState
*s
)
732 if (s
->qdev
.type
!= TYPE_ROM
) {
735 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
738 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
739 return nb_sectors
<= CD_MAX_SECTORS
;
742 static int scsi_read_disc_information(SCSIDiskState
*s
, SCSIDiskReq
*r
,
745 uint8_t type
= r
->req
.cmd
.buf
[1] & 7;
747 if (s
->qdev
.type
!= TYPE_ROM
) {
751 /* Types 1/2 are only defined for Blu-Ray. */
753 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
757 memset(outbuf
, 0, 34);
759 outbuf
[2] = 0xe; /* last session complete, disc finalized */
760 outbuf
[3] = 1; /* first track on disc */
761 outbuf
[4] = 1; /* # of sessions */
762 outbuf
[5] = 1; /* first track of last session */
763 outbuf
[6] = 1; /* last track of last session */
764 outbuf
[7] = 0x20; /* unrestricted use */
765 outbuf
[8] = 0x00; /* CD-ROM or DVD-ROM */
766 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
767 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
768 /* 24-31: disc bar code */
769 /* 32: disc application code */
770 /* 33: number of OPC tables */
775 static int scsi_read_dvd_structure(SCSIDiskState
*s
, SCSIDiskReq
*r
,
778 static const int rds_caps_size
[5] = {
785 uint8_t media
= r
->req
.cmd
.buf
[1];
786 uint8_t layer
= r
->req
.cmd
.buf
[6];
787 uint8_t format
= r
->req
.cmd
.buf
[7];
790 if (s
->qdev
.type
!= TYPE_ROM
) {
794 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
798 if (format
!= 0xff) {
799 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
800 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
803 if (media_is_cd(s
)) {
804 scsi_check_condition(r
, SENSE_CODE(INCOMPATIBLE_FORMAT
));
807 if (format
>= ARRAY_SIZE(rds_caps_size
)) {
810 size
= rds_caps_size
[format
];
811 memset(outbuf
, 0, size
);
816 /* Physical format information */
821 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
823 outbuf
[4] = 1; /* DVD-ROM, part version 1 */
824 outbuf
[5] = 0xf; /* 120mm disc, minimum rate unspecified */
825 outbuf
[6] = 1; /* one layer, read-only (per MMC-2 spec) */
826 outbuf
[7] = 0; /* default densities */
828 stl_be_p(&outbuf
[12], (nb_sectors
>> 2) - 1); /* end sector */
829 stl_be_p(&outbuf
[16], (nb_sectors
>> 2) - 1); /* l0 end sector */
833 case 0x01: /* DVD copyright information, all zeros */
836 case 0x03: /* BCA information - invalid field for no BCA info */
839 case 0x04: /* DVD disc manufacturing information, all zeros */
842 case 0xff: { /* List capabilities */
845 for (i
= 0; i
< ARRAY_SIZE(rds_caps_size
); i
++) {
846 if (!rds_caps_size
[i
]) {
850 outbuf
[size
+ 1] = 0x40; /* Not writable, readable */
851 stw_be_p(&outbuf
[size
+ 2], rds_caps_size
[i
]);
861 /* Size of buffer, not including 2 byte size field */
862 stw_be_p(outbuf
, size
- 2);
869 static int scsi_event_status_media(SCSIDiskState
*s
, uint8_t *outbuf
)
871 uint8_t event_code
, media_status
;
875 media_status
= MS_TRAY_OPEN
;
876 } else if (bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
877 media_status
= MS_MEDIA_PRESENT
;
880 /* Event notification descriptor */
881 event_code
= MEC_NO_CHANGE
;
882 if (media_status
!= MS_TRAY_OPEN
) {
883 if (s
->media_event
) {
884 event_code
= MEC_NEW_MEDIA
;
885 s
->media_event
= false;
886 } else if (s
->eject_request
) {
887 event_code
= MEC_EJECT_REQUESTED
;
888 s
->eject_request
= false;
892 outbuf
[0] = event_code
;
893 outbuf
[1] = media_status
;
895 /* These fields are reserved, just clear them. */
901 static int scsi_get_event_status_notification(SCSIDiskState
*s
, SCSIDiskReq
*r
,
905 uint8_t *buf
= r
->req
.cmd
.buf
;
906 uint8_t notification_class_request
= buf
[4];
907 if (s
->qdev
.type
!= TYPE_ROM
) {
910 if ((buf
[1] & 1) == 0) {
916 outbuf
[0] = outbuf
[1] = 0;
917 outbuf
[3] = 1 << GESN_MEDIA
; /* supported events */
918 if (notification_class_request
& (1 << GESN_MEDIA
)) {
919 outbuf
[2] = GESN_MEDIA
;
920 size
+= scsi_event_status_media(s
, &outbuf
[size
]);
924 stw_be_p(outbuf
, size
- 4);
928 static int scsi_get_configuration(SCSIDiskState
*s
, uint8_t *outbuf
)
932 if (s
->qdev
.type
!= TYPE_ROM
) {
935 current
= media_is_dvd(s
) ? MMC_PROFILE_DVD_ROM
: MMC_PROFILE_CD_ROM
;
936 memset(outbuf
, 0, 40);
937 stl_be_p(&outbuf
[0], 36); /* Bytes after the data length field */
938 stw_be_p(&outbuf
[6], current
);
939 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
940 outbuf
[10] = 0x03; /* persistent, current */
941 outbuf
[11] = 8; /* two profiles */
942 stw_be_p(&outbuf
[12], MMC_PROFILE_DVD_ROM
);
943 outbuf
[14] = (current
== MMC_PROFILE_DVD_ROM
);
944 stw_be_p(&outbuf
[16], MMC_PROFILE_CD_ROM
);
945 outbuf
[18] = (current
== MMC_PROFILE_CD_ROM
);
946 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
947 stw_be_p(&outbuf
[20], 1);
948 outbuf
[22] = 0x08 | 0x03; /* version 2, persistent, current */
950 stl_be_p(&outbuf
[24], 1); /* SCSI */
951 outbuf
[28] = 1; /* DBE = 1, mandatory */
952 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
953 stw_be_p(&outbuf
[32], 3);
954 outbuf
[34] = 0x08 | 0x03; /* version 2, persistent, current */
956 outbuf
[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
957 /* TODO: Random readable, CD read, DVD read, drive serial number,
962 static int scsi_emulate_mechanism_status(SCSIDiskState
*s
, uint8_t *outbuf
)
964 if (s
->qdev
.type
!= TYPE_ROM
) {
967 memset(outbuf
, 0, 8);
968 outbuf
[5] = 1; /* CD-ROM */
972 static int mode_sense_page(SCSIDiskState
*s
, int page
, uint8_t **p_outbuf
,
975 static const int mode_sense_valid
[0x3f] = {
976 [MODE_PAGE_HD_GEOMETRY
] = (1 << TYPE_DISK
),
977 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
] = (1 << TYPE_DISK
),
978 [MODE_PAGE_CACHING
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
979 [MODE_PAGE_R_W_ERROR
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
980 [MODE_PAGE_AUDIO_CTL
] = (1 << TYPE_ROM
),
981 [MODE_PAGE_CAPABILITIES
] = (1 << TYPE_ROM
),
984 uint8_t *p
= *p_outbuf
+ 2;
987 if ((mode_sense_valid
[page
] & (1 << s
->qdev
.type
)) == 0) {
992 * If Changeable Values are requested, a mask denoting those mode parameters
993 * that are changeable shall be returned. As we currently don't support
994 * parameter changes via MODE_SELECT all bits are returned set to zero.
995 * The buffer was already menset to zero by the caller of this function.
997 * The offsets here are off by two compared to the descriptions in the
998 * SCSI specs, because those include a 2-byte header. This is unfortunate,
999 * but it is done so that offsets are consistent within our implementation
1000 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1001 * 2-byte and 4-byte headers.
1004 case MODE_PAGE_HD_GEOMETRY
:
1006 if (page_control
== 1) { /* Changeable Values */
1009 /* if a geometry hint is available, use it */
1010 p
[0] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1011 p
[1] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1012 p
[2] = s
->qdev
.conf
.cyls
& 0xff;
1013 p
[3] = s
->qdev
.conf
.heads
& 0xff;
1014 /* Write precomp start cylinder, disabled */
1015 p
[4] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1016 p
[5] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1017 p
[6] = s
->qdev
.conf
.cyls
& 0xff;
1018 /* Reduced current start cylinder, disabled */
1019 p
[7] = (s
->qdev
.conf
.cyls
>> 16) & 0xff;
1020 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1021 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1022 /* Device step rate [ns], 200ns */
1025 /* Landing zone cylinder */
1029 /* Medium rotation rate [rpm], 5400 rpm */
1030 p
[18] = (5400 >> 8) & 0xff;
1031 p
[19] = 5400 & 0xff;
1034 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
:
1036 if (page_control
== 1) { /* Changeable Values */
1039 /* Transfer rate [kbit/s], 5Mbit/s */
1042 /* if a geometry hint is available, use it */
1043 p
[2] = s
->qdev
.conf
.heads
& 0xff;
1044 p
[3] = s
->qdev
.conf
.secs
& 0xff;
1045 p
[4] = s
->qdev
.blocksize
>> 8;
1046 p
[6] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1047 p
[7] = s
->qdev
.conf
.cyls
& 0xff;
1048 /* Write precomp start cylinder, disabled */
1049 p
[8] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1050 p
[9] = s
->qdev
.conf
.cyls
& 0xff;
1051 /* Reduced current start cylinder, disabled */
1052 p
[10] = (s
->qdev
.conf
.cyls
>> 8) & 0xff;
1053 p
[11] = s
->qdev
.conf
.cyls
& 0xff;
1054 /* Device step rate [100us], 100us */
1057 /* Device step pulse width [us], 1us */
1059 /* Device head settle delay [100us], 100us */
1062 /* Motor on delay [0.1s], 0.1s */
1064 /* Motor off delay [0.1s], 0.1s */
1066 /* Medium rotation rate [rpm], 5400 rpm */
1067 p
[26] = (5400 >> 8) & 0xff;
1068 p
[27] = 5400 & 0xff;
1071 case MODE_PAGE_CACHING
:
1073 if (page_control
== 1 || /* Changeable Values */
1074 bdrv_enable_write_cache(s
->qdev
.conf
.bs
)) {
1079 case MODE_PAGE_R_W_ERROR
:
1081 if (page_control
== 1) { /* Changeable Values */
1084 p
[0] = 0x80; /* Automatic Write Reallocation Enabled */
1085 if (s
->qdev
.type
== TYPE_ROM
) {
1086 p
[1] = 0x20; /* Read Retry Count */
1090 case MODE_PAGE_AUDIO_CTL
:
1094 case MODE_PAGE_CAPABILITIES
:
1096 if (page_control
== 1) { /* Changeable Values */
1100 p
[0] = 0x3b; /* CD-R & CD-RW read */
1101 p
[1] = 0; /* Writing not supported */
1102 p
[2] = 0x7f; /* Audio, composite, digital out,
1103 mode 2 form 1&2, multi session */
1104 p
[3] = 0xff; /* CD DA, DA accurate, RW supported,
1105 RW corrected, C2 errors, ISRC,
1107 p
[4] = 0x2d | (s
->tray_locked
? 2 : 0);
1108 /* Locking supported, jumper present, eject, tray */
1109 p
[5] = 0; /* no volume & mute control, no
1111 p
[6] = (50 * 176) >> 8; /* 50x read speed */
1112 p
[7] = (50 * 176) & 0xff;
1113 p
[8] = 2 >> 8; /* Two volume levels */
1115 p
[10] = 2048 >> 8; /* 2M buffer */
1116 p
[11] = 2048 & 0xff;
1117 p
[12] = (16 * 176) >> 8; /* 16x read speed current */
1118 p
[13] = (16 * 176) & 0xff;
1119 p
[16] = (16 * 176) >> 8; /* 16x write speed */
1120 p
[17] = (16 * 176) & 0xff;
1121 p
[18] = (16 * 176) >> 8; /* 16x write speed current */
1122 p
[19] = (16 * 176) & 0xff;
1129 assert(length
< 256);
1130 (*p_outbuf
)[0] = page
;
1131 (*p_outbuf
)[1] = length
;
1132 *p_outbuf
+= length
+ 2;
1136 static int scsi_disk_emulate_mode_sense(SCSIDiskReq
*r
, uint8_t *outbuf
)
1138 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1139 uint64_t nb_sectors
;
1141 int page
, buflen
, ret
, page_control
;
1143 uint8_t dev_specific_param
;
1145 dbd
= (r
->req
.cmd
.buf
[1] & 0x8) != 0;
1146 page
= r
->req
.cmd
.buf
[2] & 0x3f;
1147 page_control
= (r
->req
.cmd
.buf
[2] & 0xc0) >> 6;
1148 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1149 (r
->req
.cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, r
->req
.cmd
.xfer
, page_control
);
1150 memset(outbuf
, 0, r
->req
.cmd
.xfer
);
1153 if (s
->qdev
.type
== TYPE_DISK
) {
1154 dev_specific_param
= s
->features
& (1 << SCSI_DISK_F_DPOFUA
) ? 0x10 : 0;
1155 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
1156 dev_specific_param
|= 0x80; /* Readonly. */
1159 /* MMC prescribes that CD/DVD drives have no block descriptors,
1160 * and defines no device-specific parameter. */
1161 dev_specific_param
= 0x00;
1165 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1166 p
[1] = 0; /* Default media type. */
1167 p
[2] = dev_specific_param
;
1168 p
[3] = 0; /* Block descriptor length. */
1170 } else { /* MODE_SENSE_10 */
1171 p
[2] = 0; /* Default media type. */
1172 p
[3] = dev_specific_param
;
1173 p
[6] = p
[7] = 0; /* Block descriptor length. */
1177 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1178 if (!dbd
&& nb_sectors
) {
1179 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1180 outbuf
[3] = 8; /* Block descriptor length */
1181 } else { /* MODE_SENSE_10 */
1182 outbuf
[7] = 8; /* Block descriptor length */
1184 nb_sectors
/= (s
->qdev
.blocksize
/ 512);
1185 if (nb_sectors
> 0xffffff) {
1188 p
[0] = 0; /* media density code */
1189 p
[1] = (nb_sectors
>> 16) & 0xff;
1190 p
[2] = (nb_sectors
>> 8) & 0xff;
1191 p
[3] = nb_sectors
& 0xff;
1192 p
[4] = 0; /* reserved */
1193 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
1194 p
[6] = s
->qdev
.blocksize
>> 8;
1199 if (page_control
== 3) {
1201 scsi_check_condition(r
, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED
));
1206 for (page
= 0; page
<= 0x3e; page
++) {
1207 mode_sense_page(s
, page
, &p
, page_control
);
1210 ret
= mode_sense_page(s
, page
, &p
, page_control
);
1216 buflen
= p
- outbuf
;
1218 * The mode data length field specifies the length in bytes of the
1219 * following data that is available to be transferred. The mode data
1220 * length does not include itself.
1222 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1223 outbuf
[0] = buflen
- 1;
1224 } else { /* MODE_SENSE_10 */
1225 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
1226 outbuf
[1] = (buflen
- 2) & 0xff;
1231 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
1233 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1234 int start_track
, format
, msf
, toclen
;
1235 uint64_t nb_sectors
;
1237 msf
= req
->cmd
.buf
[1] & 2;
1238 format
= req
->cmd
.buf
[2] & 0xf;
1239 start_track
= req
->cmd
.buf
[6];
1240 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1241 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
1242 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1245 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
1248 /* multi session : only a single session defined */
1250 memset(outbuf
, 0, 12);
1256 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
1264 static int scsi_disk_emulate_start_stop(SCSIDiskReq
*r
)
1266 SCSIRequest
*req
= &r
->req
;
1267 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1268 bool start
= req
->cmd
.buf
[4] & 1;
1269 bool loej
= req
->cmd
.buf
[4] & 2; /* load on start, eject on !start */
1270 int pwrcnd
= req
->cmd
.buf
[4] & 0xf0;
1273 /* eject/load only happens for power condition == 0 */
1277 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) && loej
) {
1278 if (!start
&& !s
->tray_open
&& s
->tray_locked
) {
1279 scsi_check_condition(r
,
1280 bdrv_is_inserted(s
->qdev
.conf
.bs
)
1281 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED
)
1282 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED
));
1286 if (s
->tray_open
!= !start
) {
1287 bdrv_eject(s
->qdev
.conf
.bs
, !start
);
1288 s
->tray_open
= !start
;
1294 static void scsi_disk_emulate_read_data(SCSIRequest
*req
)
1296 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1297 int buflen
= r
->iov
.iov_len
;
1300 DPRINTF("Read buf_len=%d\n", buflen
);
1303 scsi_req_data(&r
->req
, buflen
);
1307 /* This also clears the sense buffer for REQUEST SENSE. */
1308 scsi_req_complete(&r
->req
, GOOD
);
1311 static int scsi_disk_check_mode_select(SCSIDiskState
*s
, int page
,
1312 uint8_t *inbuf
, int inlen
)
1314 uint8_t mode_current
[SCSI_MAX_MODE_LEN
];
1315 uint8_t mode_changeable
[SCSI_MAX_MODE_LEN
];
1317 int len
, expected_len
, changeable_len
, i
;
1319 /* The input buffer does not include the page header, so it is
1322 expected_len
= inlen
+ 2;
1323 if (expected_len
> SCSI_MAX_MODE_LEN
) {
1328 memset(mode_current
, 0, inlen
+ 2);
1329 len
= mode_sense_page(s
, page
, &p
, 0);
1330 if (len
< 0 || len
!= expected_len
) {
1334 p
= mode_changeable
;
1335 memset(mode_changeable
, 0, inlen
+ 2);
1336 changeable_len
= mode_sense_page(s
, page
, &p
, 1);
1337 assert(changeable_len
== len
);
1339 /* Check that unchangeable bits are the same as what MODE SENSE
1342 for (i
= 2; i
< len
; i
++) {
1343 if (((mode_current
[i
] ^ inbuf
[i
- 2]) & ~mode_changeable
[i
]) != 0) {
1350 static void scsi_disk_apply_mode_select(SCSIDiskState
*s
, int page
, uint8_t *p
)
1353 case MODE_PAGE_CACHING
:
1354 bdrv_set_enable_write_cache(s
->qdev
.conf
.bs
, (p
[0] & 4) != 0);
1362 static int mode_select_pages(SCSIDiskReq
*r
, uint8_t *p
, int len
, bool change
)
1364 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1367 int page
, subpage
, page_len
;
1369 /* Parse both possible formats for the mode page headers. */
1373 goto invalid_param_len
;
1376 page_len
= lduw_be_p(&p
[2]);
1381 goto invalid_param_len
;
1392 if (page_len
> len
) {
1393 goto invalid_param_len
;
1397 if (scsi_disk_check_mode_select(s
, page
, p
, page_len
) < 0) {
1401 scsi_disk_apply_mode_select(s
, page
, p
);
1410 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1414 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1418 static void scsi_disk_emulate_mode_select(SCSIDiskReq
*r
, uint8_t *inbuf
)
1420 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1422 int cmd
= r
->req
.cmd
.buf
[0];
1423 int len
= r
->req
.cmd
.xfer
;
1424 int hdr_len
= (cmd
== MODE_SELECT
? 4 : 8);
1428 /* We only support PF=1, SP=0. */
1429 if ((r
->req
.cmd
.buf
[1] & 0x11) != 0x10) {
1433 if (len
< hdr_len
) {
1434 goto invalid_param_len
;
1437 bd_len
= (cmd
== MODE_SELECT
? p
[3] : lduw_be_p(&p
[6]));
1441 goto invalid_param_len
;
1443 if (bd_len
!= 0 && bd_len
!= 8) {
1450 /* Ensure no change is made if there is an error! */
1451 for (pass
= 0; pass
< 2; pass
++) {
1452 if (mode_select_pages(r
, p
, len
, pass
== 1) < 0) {
1457 if (!bdrv_enable_write_cache(s
->qdev
.conf
.bs
)) {
1458 /* The request is used as the AIO opaque value, so add a ref. */
1459 scsi_req_ref(&r
->req
);
1460 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
1461 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_aio_complete
, r
);
1465 scsi_req_complete(&r
->req
, GOOD
);
1469 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM
));
1473 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1477 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1480 static inline bool check_lba_range(SCSIDiskState
*s
,
1481 uint64_t sector_num
, uint32_t nb_sectors
)
1484 * The first line tests that no overflow happens when computing the last
1485 * sector. The second line tests that the last accessed sector is in
1488 * Careful, the computations should not underflow for nb_sectors == 0,
1489 * and a 0-block read to the first LBA beyond the end of device is
1492 return (sector_num
<= sector_num
+ nb_sectors
&&
1493 sector_num
+ nb_sectors
<= s
->qdev
.max_lba
+ 1);
1496 typedef struct UnmapCBData
{
1502 static void scsi_unmap_complete(void *opaque
, int ret
)
1504 UnmapCBData
*data
= opaque
;
1505 SCSIDiskReq
*r
= data
->r
;
1506 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1507 uint64_t sector_num
;
1508 uint32_t nb_sectors
;
1510 r
->req
.aiocb
= NULL
;
1511 if (r
->req
.io_canceled
) {
1516 if (scsi_handle_rw_error(r
, -ret
)) {
1521 if (data
->count
> 0) {
1522 sector_num
= ldq_be_p(&data
->inbuf
[0]);
1523 nb_sectors
= ldl_be_p(&data
->inbuf
[8]) & 0xffffffffULL
;
1524 if (!check_lba_range(s
, sector_num
, nb_sectors
)) {
1525 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1529 r
->req
.aiocb
= bdrv_aio_discard(s
->qdev
.conf
.bs
,
1530 sector_num
* (s
->qdev
.blocksize
/ 512),
1531 nb_sectors
* (s
->qdev
.blocksize
/ 512),
1532 scsi_unmap_complete
, data
);
1538 scsi_req_complete(&r
->req
, GOOD
);
1541 if (!r
->req
.io_canceled
) {
1542 scsi_req_unref(&r
->req
);
1547 static void scsi_disk_emulate_unmap(SCSIDiskReq
*r
, uint8_t *inbuf
)
1549 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1551 int len
= r
->req
.cmd
.xfer
;
1554 /* Reject ANCHOR=1. */
1555 if (r
->req
.cmd
.buf
[1] & 0x1) {
1560 goto invalid_param_len
;
1562 if (len
< lduw_be_p(&p
[0]) + 2) {
1563 goto invalid_param_len
;
1565 if (len
< lduw_be_p(&p
[2]) + 8) {
1566 goto invalid_param_len
;
1568 if (lduw_be_p(&p
[2]) & 15) {
1569 goto invalid_param_len
;
1572 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
1573 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1577 data
= g_new0(UnmapCBData
, 1);
1579 data
->inbuf
= &p
[8];
1580 data
->count
= lduw_be_p(&p
[2]) >> 4;
1582 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1583 scsi_req_ref(&r
->req
);
1584 scsi_unmap_complete(data
, 0);
1588 scsi_check_condition(r
, SENSE_CODE(INVALID_PARAM_LEN
));
1592 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1595 typedef struct WriteSameCBData
{
1603 static void scsi_write_same_complete(void *opaque
, int ret
)
1605 WriteSameCBData
*data
= opaque
;
1606 SCSIDiskReq
*r
= data
->r
;
1607 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1609 assert(r
->req
.aiocb
!= NULL
);
1610 r
->req
.aiocb
= NULL
;
1611 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
1612 if (r
->req
.io_canceled
) {
1617 if (scsi_handle_rw_error(r
, -ret
)) {
1622 data
->nb_sectors
-= data
->iov
.iov_len
/ 512;
1623 data
->sector
+= data
->iov
.iov_len
/ 512;
1624 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, data
->iov
.iov_len
);
1625 if (data
->iov
.iov_len
) {
1626 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, data
->iov
.iov_len
, BDRV_ACCT_WRITE
);
1627 r
->req
.aiocb
= bdrv_aio_writev(s
->qdev
.conf
.bs
, data
->sector
,
1628 &data
->qiov
, data
->iov
.iov_len
/ 512,
1629 scsi_write_same_complete
, r
);
1633 scsi_req_complete(&r
->req
, GOOD
);
1636 if (!r
->req
.io_canceled
) {
1637 scsi_req_unref(&r
->req
);
1639 qemu_vfree(data
->iov
.iov_base
);
1643 static void scsi_disk_emulate_write_same(SCSIDiskReq
*r
, uint8_t *inbuf
)
1645 SCSIRequest
*req
= &r
->req
;
1646 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1647 uint32_t nb_sectors
= scsi_data_cdb_length(r
->req
.cmd
.buf
);
1648 WriteSameCBData
*data
;
1652 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1653 if (nb_sectors
== 0 || (req
->cmd
.buf
[1] & 0x16)) {
1654 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1658 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
1659 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
1662 if (!check_lba_range(s
, r
->req
.cmd
.lba
, nb_sectors
)) {
1663 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1667 if (buffer_is_zero(inbuf
, s
->qdev
.blocksize
)) {
1668 int flags
= (req
->cmd
.buf
[1] & 0x8) ? BDRV_REQ_MAY_UNMAP
: 0;
1670 /* The request is used as the AIO opaque value, so add a ref. */
1671 scsi_req_ref(&r
->req
);
1672 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, nb_sectors
* s
->qdev
.blocksize
,
1674 r
->req
.aiocb
= bdrv_aio_write_zeroes(s
->qdev
.conf
.bs
,
1675 r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512),
1676 nb_sectors
* (s
->qdev
.blocksize
/ 512),
1677 flags
, scsi_aio_complete
, r
);
1681 data
= g_new0(WriteSameCBData
, 1);
1683 data
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1684 data
->nb_sectors
= nb_sectors
* (s
->qdev
.blocksize
/ 512);
1685 data
->iov
.iov_len
= MIN(data
->nb_sectors
* 512, SCSI_WRITE_SAME_MAX
);
1686 data
->iov
.iov_base
= buf
= qemu_blockalign(s
->qdev
.conf
.bs
, data
->iov
.iov_len
);
1687 qemu_iovec_init_external(&data
->qiov
, &data
->iov
, 1);
1689 for (i
= 0; i
< data
->iov
.iov_len
; i
+= s
->qdev
.blocksize
) {
1690 memcpy(&buf
[i
], inbuf
, s
->qdev
.blocksize
);
1693 scsi_req_ref(&r
->req
);
1694 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, data
->iov
.iov_len
, BDRV_ACCT_WRITE
);
1695 r
->req
.aiocb
= bdrv_aio_writev(s
->qdev
.conf
.bs
, data
->sector
,
1696 &data
->qiov
, data
->iov
.iov_len
/ 512,
1697 scsi_write_same_complete
, data
);
1700 static void scsi_disk_emulate_write_data(SCSIRequest
*req
)
1702 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1704 if (r
->iov
.iov_len
) {
1705 int buflen
= r
->iov
.iov_len
;
1706 DPRINTF("Write buf_len=%d\n", buflen
);
1708 scsi_req_data(&r
->req
, buflen
);
1712 switch (req
->cmd
.buf
[0]) {
1714 case MODE_SELECT_10
:
1715 /* This also clears the sense buffer for REQUEST SENSE. */
1716 scsi_disk_emulate_mode_select(r
, r
->iov
.iov_base
);
1720 scsi_disk_emulate_unmap(r
, r
->iov
.iov_base
);
1726 if (r
->req
.status
== -1) {
1727 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1733 scsi_disk_emulate_write_same(r
, r
->iov
.iov_base
);
1741 static int32_t scsi_disk_emulate_command(SCSIRequest
*req
, uint8_t *buf
)
1743 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1744 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1745 uint64_t nb_sectors
;
1749 switch (req
->cmd
.buf
[0]) {
1758 case ALLOW_MEDIUM_REMOVAL
:
1759 case GET_CONFIGURATION
:
1760 case GET_EVENT_STATUS_NOTIFICATION
:
1761 case MECHANISM_STATUS
:
1766 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1767 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
1774 * FIXME: we shouldn't return anything bigger than 4k, but the code
1775 * requires the buffer to be as big as req->cmd.xfer in several
1776 * places. So, do not allow CDBs with a very large ALLOCATION
1777 * LENGTH. The real fix would be to modify scsi_read_data and
1778 * dma_buf_read, so that they return data beyond the buflen
1781 if (req
->cmd
.xfer
> 65536) {
1782 goto illegal_request
;
1784 r
->buflen
= MAX(4096, req
->cmd
.xfer
);
1786 if (!r
->iov
.iov_base
) {
1787 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
1790 buflen
= req
->cmd
.xfer
;
1791 outbuf
= r
->iov
.iov_base
;
1792 memset(outbuf
, 0, r
->buflen
);
1793 switch (req
->cmd
.buf
[0]) {
1794 case TEST_UNIT_READY
:
1795 assert(!s
->tray_open
&& bdrv_is_inserted(s
->qdev
.conf
.bs
));
1798 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
1800 goto illegal_request
;
1805 buflen
= scsi_disk_emulate_mode_sense(r
, outbuf
);
1807 goto illegal_request
;
1811 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
1813 goto illegal_request
;
1817 if (req
->cmd
.buf
[1] & 1) {
1818 goto illegal_request
;
1822 if (req
->cmd
.buf
[1] & 3) {
1823 goto illegal_request
;
1827 if (req
->cmd
.buf
[1] & 1) {
1828 goto illegal_request
;
1832 if (req
->cmd
.buf
[1] & 3) {
1833 goto illegal_request
;
1837 if (scsi_disk_emulate_start_stop(r
) < 0) {
1841 case ALLOW_MEDIUM_REMOVAL
:
1842 s
->tray_locked
= req
->cmd
.buf
[4] & 1;
1843 bdrv_lock_medium(s
->qdev
.conf
.bs
, req
->cmd
.buf
[4] & 1);
1845 case READ_CAPACITY_10
:
1846 /* The normal LEN field for this command is zero. */
1847 memset(outbuf
, 0, 8);
1848 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1850 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1853 if ((req
->cmd
.buf
[8] & 1) == 0 && req
->cmd
.lba
) {
1854 goto illegal_request
;
1856 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1857 /* Returned value is the address of the last sector. */
1859 /* Remember the new size for read/write sanity checking. */
1860 s
->qdev
.max_lba
= nb_sectors
;
1861 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1862 if (nb_sectors
> UINT32_MAX
) {
1863 nb_sectors
= UINT32_MAX
;
1865 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
1866 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
1867 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
1868 outbuf
[3] = nb_sectors
& 0xff;
1871 outbuf
[6] = s
->qdev
.blocksize
>> 8;
1875 /* Just return "NO SENSE". */
1876 buflen
= scsi_build_sense(NULL
, 0, outbuf
, r
->buflen
,
1877 (req
->cmd
.buf
[1] & 1) == 0);
1879 goto illegal_request
;
1882 case MECHANISM_STATUS
:
1883 buflen
= scsi_emulate_mechanism_status(s
, outbuf
);
1885 goto illegal_request
;
1888 case GET_CONFIGURATION
:
1889 buflen
= scsi_get_configuration(s
, outbuf
);
1891 goto illegal_request
;
1894 case GET_EVENT_STATUS_NOTIFICATION
:
1895 buflen
= scsi_get_event_status_notification(s
, r
, outbuf
);
1897 goto illegal_request
;
1900 case READ_DISC_INFORMATION
:
1901 buflen
= scsi_read_disc_information(s
, r
, outbuf
);
1903 goto illegal_request
;
1906 case READ_DVD_STRUCTURE
:
1907 buflen
= scsi_read_dvd_structure(s
, r
, outbuf
);
1909 goto illegal_request
;
1912 case SERVICE_ACTION_IN_16
:
1913 /* Service Action In subcommands. */
1914 if ((req
->cmd
.buf
[1] & 31) == SAI_READ_CAPACITY_16
) {
1915 DPRINTF("SAI READ CAPACITY(16)\n");
1916 memset(outbuf
, 0, req
->cmd
.xfer
);
1917 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1919 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1922 if ((req
->cmd
.buf
[14] & 1) == 0 && req
->cmd
.lba
) {
1923 goto illegal_request
;
1925 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1926 /* Returned value is the address of the last sector. */
1928 /* Remember the new size for read/write sanity checking. */
1929 s
->qdev
.max_lba
= nb_sectors
;
1930 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
1931 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
1932 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
1933 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
1934 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
1935 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
1936 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
1937 outbuf
[7] = nb_sectors
& 0xff;
1940 outbuf
[10] = s
->qdev
.blocksize
>> 8;
1943 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
1945 /* set TPE bit if the format supports discard */
1946 if (s
->qdev
.conf
.discard_granularity
) {
1950 /* Protection, exponent and lowest lba field left blank. */
1953 DPRINTF("Unsupported Service Action In\n");
1954 goto illegal_request
;
1955 case SYNCHRONIZE_CACHE
:
1956 /* The request is used as the AIO opaque value, so add a ref. */
1957 scsi_req_ref(&r
->req
);
1958 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
1959 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_aio_complete
, r
);
1962 DPRINTF("Seek(10) (sector %" PRId64
")\n", r
->req
.cmd
.lba
);
1963 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1968 DPRINTF("Mode Select(6) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1970 case MODE_SELECT_10
:
1971 DPRINTF("Mode Select(10) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1974 DPRINTF("Unmap (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1979 DPRINTF("Verify (bytchk %lu)\n", (r
->req
.buf
[1] >> 1) & 3);
1980 if (req
->cmd
.buf
[1] & 6) {
1981 goto illegal_request
;
1986 DPRINTF("WRITE SAME %d (len %lu)\n",
1987 req
->cmd
.buf
[0] == WRITE_SAME_10
? 10 : 16,
1988 (long)r
->req
.cmd
.xfer
);
1991 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
1992 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1995 assert(!r
->req
.aiocb
);
1996 r
->iov
.iov_len
= MIN(r
->buflen
, req
->cmd
.xfer
);
1997 if (r
->iov
.iov_len
== 0) {
1998 scsi_req_complete(&r
->req
, GOOD
);
2000 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2001 assert(r
->iov
.iov_len
== req
->cmd
.xfer
);
2002 return -r
->iov
.iov_len
;
2004 return r
->iov
.iov_len
;
2008 if (r
->req
.status
== -1) {
2009 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2014 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2018 /* Execute a scsi command. Returns the length of the data expected by the
2019 command. This will be Positive for data transfers from the device
2020 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2021 and zero if the command does not transfer any data. */
2023 static int32_t scsi_disk_dma_command(SCSIRequest
*req
, uint8_t *buf
)
2025 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
2026 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
2032 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
2033 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
2037 len
= scsi_data_cdb_length(r
->req
.cmd
.buf
);
2043 DPRINTF("Read (sector %" PRId64
", count %u)\n", r
->req
.cmd
.lba
, len
);
2044 if (r
->req
.cmd
.buf
[1] & 0xe0) {
2045 goto illegal_request
;
2047 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2050 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2051 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2057 case WRITE_VERIFY_10
:
2058 case WRITE_VERIFY_12
:
2059 case WRITE_VERIFY_16
:
2060 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
2061 scsi_check_condition(r
, SENSE_CODE(WRITE_PROTECTED
));
2064 DPRINTF("Write %s(sector %" PRId64
", count %u)\n",
2065 (command
& 0xe) == 0xe ? "And Verify " : "",
2066 r
->req
.cmd
.lba
, len
);
2067 if (r
->req
.cmd
.buf
[1] & 0xe0) {
2068 goto illegal_request
;
2070 if (!check_lba_range(s
, r
->req
.cmd
.lba
, len
)) {
2073 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
2074 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
2079 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
2082 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
2085 if (r
->sector_count
== 0) {
2086 scsi_req_complete(&r
->req
, GOOD
);
2088 assert(r
->iov
.iov_len
== 0);
2089 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
2090 return -r
->sector_count
* 512;
2092 return r
->sector_count
* 512;
2096 static void scsi_disk_reset(DeviceState
*dev
)
2098 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
2099 uint64_t nb_sectors
;
2101 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
2103 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
2104 nb_sectors
/= s
->qdev
.blocksize
/ 512;
2108 s
->qdev
.max_lba
= nb_sectors
;
2109 /* reset tray statuses */
2114 static void scsi_destroy(SCSIDevice
*dev
)
2116 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2118 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(NO_SENSE
));
2119 blockdev_mark_auto_del(s
->qdev
.conf
.bs
);
2122 static void scsi_disk_resize_cb(void *opaque
)
2124 SCSIDiskState
*s
= opaque
;
2126 /* SPC lists this sense code as available only for
2127 * direct-access devices.
2129 if (s
->qdev
.type
== TYPE_DISK
) {
2130 scsi_device_report_change(&s
->qdev
, SENSE_CODE(CAPACITY_CHANGED
));
2134 static void scsi_cd_change_media_cb(void *opaque
, bool load
)
2136 SCSIDiskState
*s
= opaque
;
2139 * When a CD gets changed, we have to report an ejected state and
2140 * then a loaded state to guests so that they detect tray
2141 * open/close and media change events. Guests that do not use
2142 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2143 * states rely on this behavior.
2145 * media_changed governs the state machine used for unit attention
2146 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2148 s
->media_changed
= load
;
2149 s
->tray_open
= !load
;
2150 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM
));
2151 s
->media_event
= true;
2152 s
->eject_request
= false;
2155 static void scsi_cd_eject_request_cb(void *opaque
, bool force
)
2157 SCSIDiskState
*s
= opaque
;
2159 s
->eject_request
= true;
2161 s
->tray_locked
= false;
2165 static bool scsi_cd_is_tray_open(void *opaque
)
2167 return ((SCSIDiskState
*)opaque
)->tray_open
;
2170 static bool scsi_cd_is_medium_locked(void *opaque
)
2172 return ((SCSIDiskState
*)opaque
)->tray_locked
;
2175 static const BlockDevOps scsi_disk_removable_block_ops
= {
2176 .change_media_cb
= scsi_cd_change_media_cb
,
2177 .eject_request_cb
= scsi_cd_eject_request_cb
,
2178 .is_tray_open
= scsi_cd_is_tray_open
,
2179 .is_medium_locked
= scsi_cd_is_medium_locked
,
2181 .resize_cb
= scsi_disk_resize_cb
,
2184 static const BlockDevOps scsi_disk_block_ops
= {
2185 .resize_cb
= scsi_disk_resize_cb
,
2188 static void scsi_disk_unit_attention_reported(SCSIDevice
*dev
)
2190 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2191 if (s
->media_changed
) {
2192 s
->media_changed
= false;
2193 scsi_device_set_ua(&s
->qdev
, SENSE_CODE(MEDIUM_CHANGED
));
2197 static int scsi_initfn(SCSIDevice
*dev
)
2199 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2201 if (!s
->qdev
.conf
.bs
) {
2202 error_report("drive property not set");
2206 if (!(s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2207 !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
2208 error_report("Device needs media, but drive is empty");
2212 blkconf_serial(&s
->qdev
.conf
, &s
->serial
);
2213 if (dev
->type
== TYPE_DISK
2214 && blkconf_geometry(&dev
->conf
, NULL
, 65535, 255, 255) < 0) {
2218 if (s
->qdev
.conf
.discard_granularity
== -1) {
2219 s
->qdev
.conf
.discard_granularity
=
2220 MAX(s
->qdev
.conf
.logical_block_size
, DEFAULT_DISCARD_GRANULARITY
);
2224 s
->version
= g_strdup(qemu_get_version());
2227 s
->vendor
= g_strdup("QEMU");
2230 if (bdrv_is_sg(s
->qdev
.conf
.bs
)) {
2231 error_report("unwanted /dev/sg*");
2235 if ((s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
2236 !(s
->features
& (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
))) {
2237 bdrv_set_dev_ops(s
->qdev
.conf
.bs
, &scsi_disk_removable_block_ops
, s
);
2239 bdrv_set_dev_ops(s
->qdev
.conf
.bs
, &scsi_disk_block_ops
, s
);
2241 bdrv_set_buffer_alignment(s
->qdev
.conf
.bs
, s
->qdev
.blocksize
);
2243 bdrv_iostatus_enable(s
->qdev
.conf
.bs
);
2244 add_boot_device_path(s
->qdev
.conf
.bootindex
, &dev
->qdev
, NULL
);
2248 static int scsi_hd_initfn(SCSIDevice
*dev
)
2250 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2251 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
2252 s
->qdev
.type
= TYPE_DISK
;
2254 s
->product
= g_strdup("QEMU HARDDISK");
2256 return scsi_initfn(&s
->qdev
);
2259 static int scsi_cd_initfn(SCSIDevice
*dev
)
2261 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2262 s
->qdev
.blocksize
= 2048;
2263 s
->qdev
.type
= TYPE_ROM
;
2264 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2266 s
->product
= g_strdup("QEMU CD-ROM");
2268 return scsi_initfn(&s
->qdev
);
2271 static int scsi_disk_initfn(SCSIDevice
*dev
)
2275 if (!dev
->conf
.bs
) {
2276 return scsi_initfn(dev
); /* ... and die there */
2279 dinfo
= drive_get_by_blockdev(dev
->conf
.bs
);
2280 if (dinfo
->media_cd
) {
2281 return scsi_cd_initfn(dev
);
2283 return scsi_hd_initfn(dev
);
2287 static const SCSIReqOps scsi_disk_emulate_reqops
= {
2288 .size
= sizeof(SCSIDiskReq
),
2289 .free_req
= scsi_free_request
,
2290 .send_command
= scsi_disk_emulate_command
,
2291 .read_data
= scsi_disk_emulate_read_data
,
2292 .write_data
= scsi_disk_emulate_write_data
,
2293 .get_buf
= scsi_get_buf
,
2296 static const SCSIReqOps scsi_disk_dma_reqops
= {
2297 .size
= sizeof(SCSIDiskReq
),
2298 .free_req
= scsi_free_request
,
2299 .send_command
= scsi_disk_dma_command
,
2300 .read_data
= scsi_read_data
,
2301 .write_data
= scsi_write_data
,
2302 .cancel_io
= scsi_cancel_io
,
2303 .get_buf
= scsi_get_buf
,
2304 .load_request
= scsi_disk_load_request
,
2305 .save_request
= scsi_disk_save_request
,
2308 static const SCSIReqOps
*const scsi_disk_reqops_dispatch
[256] = {
2309 [TEST_UNIT_READY
] = &scsi_disk_emulate_reqops
,
2310 [INQUIRY
] = &scsi_disk_emulate_reqops
,
2311 [MODE_SENSE
] = &scsi_disk_emulate_reqops
,
2312 [MODE_SENSE_10
] = &scsi_disk_emulate_reqops
,
2313 [START_STOP
] = &scsi_disk_emulate_reqops
,
2314 [ALLOW_MEDIUM_REMOVAL
] = &scsi_disk_emulate_reqops
,
2315 [READ_CAPACITY_10
] = &scsi_disk_emulate_reqops
,
2316 [READ_TOC
] = &scsi_disk_emulate_reqops
,
2317 [READ_DVD_STRUCTURE
] = &scsi_disk_emulate_reqops
,
2318 [READ_DISC_INFORMATION
] = &scsi_disk_emulate_reqops
,
2319 [GET_CONFIGURATION
] = &scsi_disk_emulate_reqops
,
2320 [GET_EVENT_STATUS_NOTIFICATION
] = &scsi_disk_emulate_reqops
,
2321 [MECHANISM_STATUS
] = &scsi_disk_emulate_reqops
,
2322 [SERVICE_ACTION_IN_16
] = &scsi_disk_emulate_reqops
,
2323 [REQUEST_SENSE
] = &scsi_disk_emulate_reqops
,
2324 [SYNCHRONIZE_CACHE
] = &scsi_disk_emulate_reqops
,
2325 [SEEK_10
] = &scsi_disk_emulate_reqops
,
2326 [MODE_SELECT
] = &scsi_disk_emulate_reqops
,
2327 [MODE_SELECT_10
] = &scsi_disk_emulate_reqops
,
2328 [UNMAP
] = &scsi_disk_emulate_reqops
,
2329 [WRITE_SAME_10
] = &scsi_disk_emulate_reqops
,
2330 [WRITE_SAME_16
] = &scsi_disk_emulate_reqops
,
2331 [VERIFY_10
] = &scsi_disk_emulate_reqops
,
2332 [VERIFY_12
] = &scsi_disk_emulate_reqops
,
2333 [VERIFY_16
] = &scsi_disk_emulate_reqops
,
2335 [READ_6
] = &scsi_disk_dma_reqops
,
2336 [READ_10
] = &scsi_disk_dma_reqops
,
2337 [READ_12
] = &scsi_disk_dma_reqops
,
2338 [READ_16
] = &scsi_disk_dma_reqops
,
2339 [WRITE_6
] = &scsi_disk_dma_reqops
,
2340 [WRITE_10
] = &scsi_disk_dma_reqops
,
2341 [WRITE_12
] = &scsi_disk_dma_reqops
,
2342 [WRITE_16
] = &scsi_disk_dma_reqops
,
2343 [WRITE_VERIFY_10
] = &scsi_disk_dma_reqops
,
2344 [WRITE_VERIFY_12
] = &scsi_disk_dma_reqops
,
2345 [WRITE_VERIFY_16
] = &scsi_disk_dma_reqops
,
2348 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
,
2349 uint8_t *buf
, void *hba_private
)
2351 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2353 const SCSIReqOps
*ops
;
2357 ops
= scsi_disk_reqops_dispatch
[command
];
2359 ops
= &scsi_disk_emulate_reqops
;
2361 req
= scsi_req_alloc(ops
, &s
->qdev
, tag
, lun
, hba_private
);
2364 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun
, tag
, buf
[0]);
2367 for (i
= 1; i
< req
->cmd
.len
; i
++) {
2368 printf(" 0x%02x", buf
[i
]);
2378 static int get_device_type(SCSIDiskState
*s
)
2380 BlockDriverState
*bdrv
= s
->qdev
.conf
.bs
;
2383 uint8_t sensebuf
[8];
2384 sg_io_hdr_t io_header
;
2387 memset(cmd
, 0, sizeof(cmd
));
2388 memset(buf
, 0, sizeof(buf
));
2390 cmd
[4] = sizeof(buf
);
2392 memset(&io_header
, 0, sizeof(io_header
));
2393 io_header
.interface_id
= 'S';
2394 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
2395 io_header
.dxfer_len
= sizeof(buf
);
2396 io_header
.dxferp
= buf
;
2397 io_header
.cmdp
= cmd
;
2398 io_header
.cmd_len
= sizeof(cmd
);
2399 io_header
.mx_sb_len
= sizeof(sensebuf
);
2400 io_header
.sbp
= sensebuf
;
2401 io_header
.timeout
= 6000; /* XXX */
2403 ret
= bdrv_ioctl(bdrv
, SG_IO
, &io_header
);
2404 if (ret
< 0 || io_header
.driver_status
|| io_header
.host_status
) {
2407 s
->qdev
.type
= buf
[0];
2408 if (buf
[1] & 0x80) {
2409 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
2414 static int scsi_block_initfn(SCSIDevice
*dev
)
2416 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
2420 if (!s
->qdev
.conf
.bs
) {
2421 error_report("scsi-block: drive property not set");
2425 /* check we are using a driver managing SG_IO (version 3 and after) */
2426 if (bdrv_ioctl(s
->qdev
.conf
.bs
, SG_GET_VERSION_NUM
, &sg_version
) < 0 ||
2427 sg_version
< 30000) {
2428 error_report("scsi-block: scsi generic interface too old");
2432 /* get device type from INQUIRY data */
2433 rc
= get_device_type(s
);
2435 error_report("scsi-block: INQUIRY failed");
2439 /* Make a guess for the block size, we'll fix it when the guest sends.
2440 * READ CAPACITY. If they don't, they likely would assume these sizes
2441 * anyway. (TODO: check in /sys).
2443 if (s
->qdev
.type
== TYPE_ROM
|| s
->qdev
.type
== TYPE_WORM
) {
2444 s
->qdev
.blocksize
= 2048;
2446 s
->qdev
.blocksize
= 512;
2449 /* Makes the scsi-block device not removable by using HMP and QMP eject
2452 s
->features
|= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS
);
2454 return scsi_initfn(&s
->qdev
);
2457 static SCSIRequest
*scsi_block_new_request(SCSIDevice
*d
, uint32_t tag
,
2458 uint32_t lun
, uint8_t *buf
,
2461 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
2475 case WRITE_VERIFY_10
:
2476 case WRITE_VERIFY_12
:
2477 case WRITE_VERIFY_16
:
2478 /* If we are not using O_DIRECT, we might read stale data from the
2479 * host cache if writes were made using other commands than these
2480 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2481 * O_DIRECT everything must go through SG_IO.
2483 if (bdrv_get_flags(s
->qdev
.conf
.bs
) & BDRV_O_NOCACHE
) {
2487 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2488 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2489 * And once you do these writes, reading from the block device is
2490 * unreliable, too. It is even possible that reads deliver random data
2491 * from the host page cache (this is probably a Linux bug).
2493 * We might use scsi_disk_dma_reqops as long as no writing commands are
2494 * seen, but performance usually isn't paramount on optical media. So,
2495 * just make scsi-block operate the same as scsi-generic for them.
2497 if (s
->qdev
.type
!= TYPE_ROM
) {
2498 return scsi_req_alloc(&scsi_disk_dma_reqops
, &s
->qdev
, tag
, lun
,
2503 return scsi_req_alloc(&scsi_generic_req_ops
, &s
->qdev
, tag
, lun
,
2508 #define DEFINE_SCSI_DISK_PROPERTIES() \
2509 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2510 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2511 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2512 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2513 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2515 static Property scsi_hd_properties
[] = {
2516 DEFINE_SCSI_DISK_PROPERTIES(),
2517 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
2518 SCSI_DISK_F_REMOVABLE
, false),
2519 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
2520 SCSI_DISK_F_DPOFUA
, false),
2521 DEFINE_PROP_HEX64("wwn", SCSIDiskState
, wwn
, 0),
2522 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState
, qdev
.conf
),
2523 DEFINE_PROP_END_OF_LIST(),
2526 static const VMStateDescription vmstate_scsi_disk_state
= {
2527 .name
= "scsi-disk",
2529 .minimum_version_id
= 1,
2530 .minimum_version_id_old
= 1,
2531 .fields
= (VMStateField
[]) {
2532 VMSTATE_SCSI_DEVICE(qdev
, SCSIDiskState
),
2533 VMSTATE_BOOL(media_changed
, SCSIDiskState
),
2534 VMSTATE_BOOL(media_event
, SCSIDiskState
),
2535 VMSTATE_BOOL(eject_request
, SCSIDiskState
),
2536 VMSTATE_BOOL(tray_open
, SCSIDiskState
),
2537 VMSTATE_BOOL(tray_locked
, SCSIDiskState
),
2538 VMSTATE_END_OF_LIST()
2542 static void scsi_hd_class_initfn(ObjectClass
*klass
, void *data
)
2544 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2545 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2547 sc
->init
= scsi_hd_initfn
;
2548 sc
->destroy
= scsi_destroy
;
2549 sc
->alloc_req
= scsi_new_request
;
2550 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2551 dc
->fw_name
= "disk";
2552 dc
->desc
= "virtual SCSI disk";
2553 dc
->reset
= scsi_disk_reset
;
2554 dc
->props
= scsi_hd_properties
;
2555 dc
->vmsd
= &vmstate_scsi_disk_state
;
2558 static const TypeInfo scsi_hd_info
= {
2560 .parent
= TYPE_SCSI_DEVICE
,
2561 .instance_size
= sizeof(SCSIDiskState
),
2562 .class_init
= scsi_hd_class_initfn
,
2565 static Property scsi_cd_properties
[] = {
2566 DEFINE_SCSI_DISK_PROPERTIES(),
2567 DEFINE_PROP_HEX64("wwn", SCSIDiskState
, wwn
, 0),
2568 DEFINE_PROP_END_OF_LIST(),
2571 static void scsi_cd_class_initfn(ObjectClass
*klass
, void *data
)
2573 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2574 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2576 sc
->init
= scsi_cd_initfn
;
2577 sc
->destroy
= scsi_destroy
;
2578 sc
->alloc_req
= scsi_new_request
;
2579 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2580 dc
->fw_name
= "disk";
2581 dc
->desc
= "virtual SCSI CD-ROM";
2582 dc
->reset
= scsi_disk_reset
;
2583 dc
->props
= scsi_cd_properties
;
2584 dc
->vmsd
= &vmstate_scsi_disk_state
;
2587 static const TypeInfo scsi_cd_info
= {
2589 .parent
= TYPE_SCSI_DEVICE
,
2590 .instance_size
= sizeof(SCSIDiskState
),
2591 .class_init
= scsi_cd_class_initfn
,
2595 static Property scsi_block_properties
[] = {
2596 DEFINE_PROP_DRIVE("drive", SCSIDiskState
, qdev
.conf
.bs
),
2597 DEFINE_PROP_INT32("bootindex", SCSIDiskState
, qdev
.conf
.bootindex
, -1),
2598 DEFINE_PROP_END_OF_LIST(),
2601 static void scsi_block_class_initfn(ObjectClass
*klass
, void *data
)
2603 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2604 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2606 sc
->init
= scsi_block_initfn
;
2607 sc
->destroy
= scsi_destroy
;
2608 sc
->alloc_req
= scsi_block_new_request
;
2609 dc
->fw_name
= "disk";
2610 dc
->desc
= "SCSI block device passthrough";
2611 dc
->reset
= scsi_disk_reset
;
2612 dc
->props
= scsi_block_properties
;
2613 dc
->vmsd
= &vmstate_scsi_disk_state
;
2616 static const TypeInfo scsi_block_info
= {
2617 .name
= "scsi-block",
2618 .parent
= TYPE_SCSI_DEVICE
,
2619 .instance_size
= sizeof(SCSIDiskState
),
2620 .class_init
= scsi_block_class_initfn
,
2624 static Property scsi_disk_properties
[] = {
2625 DEFINE_SCSI_DISK_PROPERTIES(),
2626 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
2627 SCSI_DISK_F_REMOVABLE
, false),
2628 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
2629 SCSI_DISK_F_DPOFUA
, false),
2630 DEFINE_PROP_HEX64("wwn", SCSIDiskState
, wwn
, 0),
2631 DEFINE_PROP_END_OF_LIST(),
2634 static void scsi_disk_class_initfn(ObjectClass
*klass
, void *data
)
2636 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2637 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2639 sc
->init
= scsi_disk_initfn
;
2640 sc
->destroy
= scsi_destroy
;
2641 sc
->alloc_req
= scsi_new_request
;
2642 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2643 dc
->fw_name
= "disk";
2644 dc
->desc
= "virtual SCSI disk or CD-ROM (legacy)";
2645 dc
->reset
= scsi_disk_reset
;
2646 dc
->props
= scsi_disk_properties
;
2647 dc
->vmsd
= &vmstate_scsi_disk_state
;
2650 static const TypeInfo scsi_disk_info
= {
2651 .name
= "scsi-disk",
2652 .parent
= TYPE_SCSI_DEVICE
,
2653 .instance_size
= sizeof(SCSIDiskState
),
2654 .class_init
= scsi_disk_class_initfn
,
2657 static void scsi_disk_register_types(void)
2659 type_register_static(&scsi_hd_info
);
2660 type_register_static(&scsi_cd_info
);
2662 type_register_static(&scsi_block_info
);
2664 type_register_static(&scsi_disk_info
);
2667 type_init(scsi_disk_register_types
)